4 matches found
CVE-2025-32791
The CVE-2025-32791 relates to information leakage in the Backstage permission backend (Backstage permission plugin). Affected component: the permission backend’s handling of conditional decisions. Root cause (as described): callers can extract information about conditional decisions returned by t...
CVE-2025-32791 Permission policy information leakage in Backstage permission system
The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission...
CVE-2025-32791 Permission policy information leakage in Backstage permission system
The Backstage Scaffolder plugin houses types and utilities for building scaffolder-related modules. A vulnerability in the Backstage permission plugin backend allows callers to extract some information about the conditional decisions returned by the permission policy installed in the permission...
@backstage-community/plugin-rbac-backend (>=5.2.3 <=6.1.1), @janus-idp/backstage-plugin-rbac-backend (>=4.4.2 <=5.2.2) +3 more potentially affected by CVE-2025-32791 via @backstage/plugin-permission-backend (=0.5.55)
@backstage/plugin-permission-backend NPM version =0.5.55 is affected by a known vulnerability. The following packages have a transitive dependency on @backstage/plugin-permission-backend and may be impacted: - @backstage-community/plugin-rbac-backend =5.2.3, =4.4.2, =6.0.1, =0.7.6, =2.0.0, =4.0.0...